Alex <mysqlstud...@gmail.com> writes: > What do you know about "Gmail confidential mode" emails? I'm starting to > see a few of these come in to users now, and not sure how to treat them. > They are sent through gmail, but require a one-time passcode sent to the > recipient,
Did you actually look at them? What do they look like? What does the recipient have to do to actually get the mail? Does this only work gmail to gmail? > so any potential threat is not transferred through the same > email (or any email at all). huh? I don't follow this at all. It is a longstanding tradition to send malware through zip or encryption to avoid scanning. I would view these with extreme suspicion as if you are communicating with people you know and want privacy, the obvious first step is to avoid gmail and use Matrix/Signal or OpenPGP mail, and if it's from someone you don't know, well...n > otherwise have no other spam indicators. When you looked at the raw bytes in the mailspool, what was in it? What does the SA debug output look like? It doesn't make sense that wouldn't have done these things before posting, but you didn't explain.
signature.asc
Description: PGP signature
